Comments

Hi Niklas - I would focus more on your active PC issue, as sorting that out will make the rest of what you want to do much easier.

Are you using PDQ's AD Sync in Inventory? If so, depending on your sync settings, there are ways you can create collections to sort out machines based on their last activity/logon time. Here is how I am doing this -

You can set the amount of time to anything you want - I use 45 days because the AD Last Logon field can be inaccurate up to 14 days (more or less - so if the time shows "Last logon 15 days ago", it could actually be 1 day ago or up to 30 days). By using 45, I am able to be fairly certain it as been at least 30 days since the last time it checked into AD.

And the final check of "Is Online" is simply to make sure any false-positives related to DNS are ignored - if a machine is online it is usually in use by someone, regardless of what PDQ or AD is showing.

And to filter for disabled devices, you can use -

I think the first collection above would get you to where you wanted to be - just make sure to verify each machine before you disable/remove it from AD.

Yes, you can sync without any OUs (containers). You would just choose the root that your computers reside in. It might make things more messy for you initially, but it should work.
If you don't want to sync your whole forest, you can use the "Include" and "Exclude" options in the Preferences section to select only those containers you choose (since AD comes with some default OUs already).